fiware-cybercaptor / cybercaptor-data-extraction

Python scripts allowing to prepare the inputs for CyberCAPTOR
GNU General Public License v3.0

CSV Headers not supplied #1

Closed CyberTaoFlow closed 8 years ago

CyberTaoFlow commented 8 years ago

Greetings! Thanks for your work on this; it looks very promising.

I have found an issue that, although I have mostly figured it out, others may not.

Your documentation does not include the format of the CSVs to be used for input. For example, the routing file CSV format is, I believe:

host(router)_name,destination,mask,gateway,interface

Adding these for the CSVs would be useful to help people get started.

Also, the flow matrix format is not supplied, and looking at topology.py I am also unclear about other items' expected formats, like the 'connectedToWAN' item. Is that field expected to be a binary (0=no, 1=yes) value or an IP address?

CyberTaoFlow commented 8 years ago

Found these in the docker container, apparently the csv delimiter is ; not ,

Host-If's

```
Hostname;Interface Name;IP address;Connected to WAN;metric
linux-user-1;eth0;192.168.1.111;false;7
linux-user-2;eth0;192.168.1.112;false;30
Dmz-1;eth0;10.15.10.11;false;0.8
Dmz-2;eth0;10.15.10.14;false;0.7
router;eth0;192.168.1.1;false;0.1
router;eth1;10.15.10.1;false;0.1
router;eth2;1.1.2.2;true
```

Vlans

```
name;address;netmask;gateway
user-lan;192.168.1.0;24;192.168.1.1
dmz;10.15.10.0;24;10.15.10.1
```

Routes

```
host;destination;mask;gateway;interface
router;10.15.10.1;255.255.255.0;10.15.10.1;eth1
router;192.168.1.1;255.255.255.0;192.168.1.1;eth0
router;0.0.0.0;0.0.0.0;1.1.1.1;eth2
```

Flow Matrix

```
"source";"destination";"source_port";"destination_port";"protocol"
"10.15.10.0/24";"192.168.1.0/24";"any";80;"TCP"
"192.168.1.0/24";"10.15.10.0/24";"any";"any";"any"
"internet";"10.15.10.0/24";"any";"any";"any"
"internet";"10.15.10.0/24";"any";443;"TCP"
"192.168.1.0/24";"internet";"any";"any";"any"
"10.15.10.0/24";"internet";"any";"any";"any"
10.15.10.11;192.168.1.112;any;5353;TCP
```

jhahkala commented 8 years ago

Thanks, I was looking for these for a while; in the end I had to go through the source code to get a rough idea.

Does it produce correct output with these inputs? On vlans for example the description line in the beginning mentions netmask, but the values don't have it. Looking at the code it seems that the netmask was meant to be optional, but in practice there seems to be a bug that makes it mandatory.

On hosts-interfaces, in the source the last item is called security_requirement, but is optional.

Would be nice if the developers would give a definite definition of the input files and more description of them.
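An added example, not part of the thread or of the project's code: a minimal reader for the host-interfaces sample quoted above, using the `;` delimiter and treating the fifth column as optional. The column meanings, the true/false encoding of the WAN flag and the name `parse_hosts_interfaces` are assumptions drawn from the samples in this thread, not from the project's specification.

```python
import csv
import io
import ipaddress

# Constructed sample: a subset of the host-interfaces rows quoted in this thread.
HOSTS_INTERFACES = """\
Hostname;Interface Name;IP address;Connected to WAN;metric
linux-user-1;eth0;192.168.1.111;false;7
Dmz-1;eth0;10.15.10.11;false;0.8
router;eth2;1.1.2.2;true
"""

REQUIRED = 4  # hostname, interface, IP, WAN flag; the fifth column is optional (assumption)


def parse_hosts_interfaces(text, delimiter=";"):
    """Return (records, errors); errors are (line_number, message) tuples."""
    rows = csv.reader(io.StringIO(text), delimiter=delimiter)
    header = next(rows, None)
    if header is None or len(header) < REQUIRED:
        # A ';' file read with ',' collapses into one field per line.
        return [], [(1, "header has fewer than 4 fields; wrong delimiter?")]
    records, errors = [], []
    for lineno, row in enumerate(rows, start=2):
        if not row:
            continue  # skip blank lines
        if len(row) not in (REQUIRED, REQUIRED + 1):
            errors.append((lineno, "expected 4 or 5 fields, got %d" % len(row)))
            continue
        host, iface, ip, wan = (field.strip() for field in row[:REQUIRED])
        metric = row[4].strip() if len(row) > REQUIRED else ""
        try:
            ipaddress.ip_address(ip)  # rejects malformed addresses
            metric = float(metric) if metric else None
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        if wan.lower() not in ("true", "false"):
            errors.append((lineno, "WAN flag must be true or false: %r" % wan))
            continue
        records.append({"host": host, "interface": iface, "ip": ip,
                        "connected_to_wan": wan.lower() == "true", "metric": metric})
    return records, errors


if __name__ == "__main__":
    for record in parse_hosts_interfaces(HOSTS_INTERFACES)[0]:
        print(record)
```

Calling it with `delimiter=","` on the same text returns no records and a single header error, which is the symptom of the delimiter mix-up described earlier in the thread.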

fredericgithub commented 8 years ago

Same here, we would love to hear from the developer(s) on this. At first we saw this ticket was opened about 10 days ago, so we waited to see if there would be an answer, but now we're just jumping into the queue too, with the people who would definitely appreciate an answer to this ;) Thanks a lot in advance!!

fxaguessy commented 8 years ago

Hello,

Sorry for the late answer. Thanks for your feedback. I just added a documentation file describing the CSV inputs: https://github.com/fiware-cybercaptor/cybercaptor-data-extraction/blob/master/doc/inputs-file-specifications.md with explanations and examples.

If you have any other suggestion, don't hesitate to propose a PR.

fredericgithub commented 8 years ago

Hello François-Xavier, thank you very much! Thanks so much for this. Best, Frederic